Skip to content

Bump actions/checkout from 4 to 6#93

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions/checkout-6
Open

Bump actions/checkout from 4 to 6#93
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions/checkout-6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025
edited
Loading

Bumps actions/checkout from 4 to 6.

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump actions/checkout from 4 to 6
05dac80 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 22, 2025

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

emreakay
emreakay approved these changes Jan 9, 2026
View reviewed changes
Copy link
Contributor

@emreakay emreakay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checklist Review Sonucu

PR: #93 - Bump actions/checkout from 4 to 6
Reviewer: a-checklist-reviewer
Checklist: general

Gecen Kontrollar (Uygulanabilir Olanlar)

Kategori Kontrol Durum Aciklama
Code Quality Kod okunabilir ve anlasilir mi? GECTI YAML degisiklikleri minimal ve net
Code Quality DRY prensibi uygulanmis mi? GECTI Tekrar eden kod yok
Code Quality Gereksiz yorum satirlari temizlenmis mi? GECTI Yorum satiri eklenmemis
Code Quality Dead code var mi? GECTI Kullanilmayan kod yok
Security Hardcoded credential var mi? GECTI Credential yok
Security Sensitive data loglanmiyor mu? GECTI Sensitive data yok
Git & Commit Commit mesajlari aciklayici mi? GECTI Dependabot standart formati kullanilmis
Git & Commit Tek commit'te tek is yapilmis mi? GECTI Sadece checkout action guncellemesi
Git & Commit Gereksiz dosyalar commit'e dahil mi? GECTI Sadece workflow dosyalari degismis
Documentation README guncellenmesi gerekiyor mu? GECTI Gerekmiyor

Uygulanamayan Kontrollar

Asagidaki kontrollar bu PR icin uygulanabilir degil (dependency bump PR'i):

  • Error handling kontrollari (kod degisikligi yok)
  • Testing kontrollari (runtime kodu yok)
  • SQL injection / XSS kontrollari (veritabani/web kodu yok)
  • N+1 query / Performance kontrollari (query yok)

Dependabot PR Ozel Degerlendirmesi

Kontrol Durum Aciklama
Version bump guvenli mi? GECTI actions/checkout resmi GitHub action'i, v6 stable release
Workflow dosyalari dogru formatlanmis mi? GECTI YAML syntax dogru, indent uygun
CI/CD sorunlari olabilir mi? DIKKAT v6, minimum runner v2.329.0 gerektiriyor (Docker container action senaryolari icin)
Breaking change var mi? DIKKAT v6'da credential'lar $RUNNER_TEMP altina persist ediliyor (v4'ten farkli)

Notlar

  1. actions/checkout v6 Degisiklikleri:

    • Node.js 24 destegi eklendi
    • Credential'lar artik local git config yerine ayri bir dosyaya ($RUNNER_TEMP) persist ediliyor
    • Minimum runner version: v2.329.0 (Docker container action senaryolari icin)

  2. Risk Degerlendirmesi: DUSUK

    • Bu PR sadece checkout action versiyonunu guncelliyor
    • GitHub-hosted runner'lar otomatik guncellendigi icin uyumluluk sorunu beklenmez
    • Workflow'larda fetch-depth: 1 kullaniliyor ki bu standart bir yapilandirma

  3. Oneri:

    • Merge edilebilir
    • CI/CD pipeline'in basariyla calistigini dogrulamak iyi olur

Ozet

Kategori Gecen Basarisiz Uygulanamaz
Code Quality 4 0 2
Security 2 0 3
Error Handling 0 0 4
Testing 0 0 3
Documentation 1 0 2
Git & Commit 3 0 0
Performance 0 0 3
Toplam 10 0 17

Sonuc: APPROVE

Bu Dependabot PR'i guvenli gorunuyor. actions/checkout v4'ten v6'ya guncelleme resmi bir major version bump'i ve GitHub-hosted runner'larda sorunsuz calismasi bekleniyor.

Reviewed by a-checklist-reviewer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emreakay emreakay emreakay approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@emreakay